A number of high-profile takedowns have whacked spammers this year. Now, a surge in spam carrying malicious exploits has researchers worrying that spammers have been successfully rebuilding their networks.

Earlier this week, M86 Security noted a significant spike in the proportion of spam carrying malicious attachments. Overall, the volume of spam messages has only slightly increased, but nearly a quarter of those messages are carrying attachments capable of infecting an end-user's computer, the company said. That's up from the typical single digits; for example, the last time M86 Security noted an increase in malicious attachments, in April, less than 7 percent of messages carried infectious programs.

In the past year, efforts by Microsoft and others resulted in the shuttering of two botnets: Waledac and Rustock. U.S. law enforcement spearheaded an effort to shut down the Coreflood botnet. And authorities in Spain and other European nations have hampered the operations of a Mariposa-based botnet.

Experts cited the takedowns as the reason for a surge in malicious spam in April. M86 Security is seeing three times more malicious spam now. The majority of the malicious spam comes from the Cutwail botnet, the company said, though it said that two other botnets, Festi and Asprox, contributed to the rise.

One reason for the timing of the surge could be that spammers and bot operators are seeking to take advantage of summer vacationers, says Ed Rowley, product manager for M86 Security.

"You have a lot more people who are opening up email at home; perhaps their guard is down because they are on holiday," he says. "They are not protected by corporate gateways, so they are probably less well protected than they are at work."